Variable size key cipher and method and device using the same

ABSTRACT

An encryption device and method and decryption device and method which implement a bit-based encryption scheme and hardware design. The encryption device includes a random number generator, receiving a main key, determining a working key using at least one random number and outputting a working key, a model, receiving the main key, the working key and plain text to be encoded and generating at least two frequency counts. The encryption device further includes an encoder, which outputs encoded text based on the working key, the plain text and the at least two frequency counts. The encryption device and method and decryption device and method progress encrypted text that is based upon a stream structure with an unlimited key length and may be compressed by 50%. The encoded text is changeable with different environments even for the same plain text and the same key. Operations of the hardware design are based on arithmetic additions and shifts, and not multiplications and divisions. As a result, the hardware design is simple and applicable to cryptography and e-commerce.

FIELD OF THE INVENTION

[0001] The present invention is directed to encryption and decryption,and more particularly, to a variable size key cipher and method anddevice for utilizing variable size key cipher to perform encryption anddecryption.

DESCRIPTION OF THE RELATED ART

[0002] Traditionally, compression and cryptography have been considereddistinct and separate technologies, which were developed and appliedseparately. However, they share a common goal of removing redundancy ofan output, although they do so in different ways. Recognizing thiscommon goal, Witten, Neal and Cleary (hereafter known as WNC) were thefirst to apply adaptive arithmetic coding to encryption. In particular,WNC made the following observations:

[0003] by re-coding messages, compression protects the messages fromcasual observers;

[0004] removing redundancy denies a cryptanalyst the leverage ofexploiting the normal statistical regularities in natural language; and

[0005] adaptively taking advantage of the characteristics of the databeing transmitted provides good compression performance.

[0006] The properties identified in these three observations appear tooffer the benefits of good compression as well as good security—the bestof both worlds.

[0007] The schematic flow of a conventional, general, arithmetic coding,model-based encryption scheme 10, such as the WNC scheme, is illustratedin FIG. 1. As illustrated in FIG. 1, plain text 12 is input to both anencoder 14 and a model 16. A key 18 is also input to the model 16. Theencoder 14 produces cipher text 20 based on the plain text 12 and anoutput of the model 16. The model 16 provides, in any given context, aprobability distribution for the next character. The simplest models areinsensitive to context and give the same distribution regardless of theneighboring character. The model 16 should not assign zero probabilityto any symbol that actually occurs, otherwise the symbol cannot be codedbecause the upper and lower ends of its range coincide. For encoder 14,a source symbol alphabet is chosen and each symbol is assigned aprobability of occurrence. The interval range is usually 0 to 1 and eachsource symbol occupies a subinterval in the range according to itsprobability. The interval is successively subdivided as each new sourcesymbol is read. Highly probable symbols reduce the interval by a smalleramount than less probable symbols. The cipher text 20 is represented bya value in the interval. Such a system is described in “Data Security ina Fixed-Model Arithmetic Coding Compression Algorithm” published inComputer & Security, 11(1992), pp. 445-461.

[0008] As the name arithmetic coding might suggest, the source symbolswhich make up the plain text 12 are encoded numerically. Each symboldoes not necessarily translate into the same fixed code which makes upthe cipher text 20 each time the symbol is encoded. An input sourcestring, which may be a string of source symbols, is usually representedby an interval of real numbers between 0 and 1. The range of theinterval may initially be defined by a value proportional to theprobability of the symbol in question. The interval may be successivelysubdivided as each new source symbol is read from the plain text 12.Highly probable symbols in the plain text 12 reduce the interval by asmaller amount than less probable symbols. As an analogy, the arithmeticcoding, as illustrated in FIG. 1, is like using a flexible ruler tomeasure a symbol string.

[0009] The WNC scheme is a byte-based arithmetic coding scheme forencryption that utilizes a frequency table without a random generator.Key features of the WNC scheme are a byte-based model and an initialfrequency table as the key for encryption. In WNC, the working key andmain key are the same.

[0010] However, subsequent research by Bergen et al. in “Data Securityin a Fixed-Model Arithmetic Coding Compression Algorithm”, Computer &Security, pp. 445-461, 1992, has shown that there are security issueswith the WNC scheme. In particular, the WNC implementation of a fixedmodel arithmetic-coding algorithm promotes easy analysis and thereforethe possibility of easy and straightforward deciphering. This ease ofanalysis and deciphering is the direct result of repeating fixedsub-strings in the output, which characterize each particular symbol.The fixed nature of the WNC implementation permits relatively easydetermination of both the ordering of symbols in the initial frequencytable and the actual values of the symbol frequencies. As a result, itis difficult to design a secure model and key control for the WNCencryption scheme.

SUMMARY OF THE INVENTION

[0011] The present invention solves the problems with conventionalarithmetic coding techniques by providing an encryption device andmethod and a decryption device and method which are based on a bit-basedarithmetic coding technique. The encryption device and method and thedecryption device and method utilize frequency tables for value 0 and 1and a random generator. The frequency tables includes working keys notmain keys, as in conventional techniques. At the beginning of theencoding, a main key is input into an encoder. A model initializes thefrequency table according to the main keys and a random bit to form aworking key. The working key, which is changeable, is used as theprobability to encode plain text. The model in the present inventionupdate the probability according to the input text.

[0012] More specifically, the present invention is directed to anencryption device, comprising a random number generator, receiving amain key, determining a working key using at least one random number andoutputting the working key; a model, receiving the main key, the workingkey and plain text and generating at least two frequency counts; and anencoder, outputting cipher text, based on the working key, the plaintext, and the at least two frequency counts.

[0013] Further, the present invention is directed to a method ofencrypting, comprising processing random bits and key bits to generateat least one frequency table; and encoding plain text using the at leastone frequency table. Still further, the present invention is directed toa decryption device, comprising a model, receiving a main key, a workingkey and plain text and generating at least two frequency counts; adecoder, outputting plain text, based on the working key, the main key,the plain text, the at least two frequency counts, and a random numbergenerator, receiving the plain text and determining the working keyusing at least one random number and outputting the working key to saidmodel. Still further, the present invention is directed to a method ofdecrypting, comprising processing random bits and key bits to generateat least one frequency table; and decoding cipher text using the atleast one frequency table.

[0014] A bit-based encryption scheme and hardware design of the presentinvention produces a cipher that is based upon stream structure and withan unlimited key length. The cipher also has the advantage that it maycompress plain text by at least 50%. The cipher is changeable withdifferent environment even for the same plain text and the same key.Operations in the hardware design are based on arithmetic additions andshifts, no multiplication and divisions are included. Therefore, thehardware design is simple. The cipher, encoder, decoder and methods areapplicable to cryptography and e-commerce.

BRIEF DESCRIPTION OF THE DRAWINGS

[0015]FIG. 1 illustrates a conventional, general, arithmetic coding,model-based encryption scheme.

[0016]FIG. 2 illustrates an exemplary schematic flow for encryption inone exemplary embodiment of the present invention.

[0017]FIG. 3 illustrates a flowchart for encoding in one embodiment ofthe present invention; and

[0018]FIG. 4 illustrates a model in more detail in one exemplaryembodiment of the present invention.

[0019]FIG. 5 illustrates the frequency table in one exemplary embodimentof the present invention.

[0020]FIG. 6 illustrates an exemplary schematic flow of decryption inone exemplary embodiment of the present invention;

[0021]FIG. 7 illustrates a flowchart for decoding in one embodiment ofthe present invention; and

[0022]FIG. 8 illustrates a model in more detail in another exemplaryembodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0023]FIG. 2 illustrates an exemplary schematic flow for encryption inone embodiment of the present invention. As illustrated in FIG. 2, plaintext 12 is input to both an encoder 114 and a model 116. A main key 118is supplied to the model 116 and to a random generator 122. The randomgenerator 122 produces working keys from the main key 118 and randomnumbers generated within and the working keys are output to the encoder114 and the model 116. The model 116 provides to the encoder 114, twofrequency counts, for 0 and 1, respectively and the encoder 114 outputis a compressed bit stream. The encoder 114 produces compressedinformation (i.e., cipher text 120), based on the plain text 12 and theworking keys output from the random number generator 122, and thefrequency counts 0,1 from the model 116.

[0024] The encoder 114 may operate as follows. A message to be encodedis represented by an interval of real numbers between 0 and 1. As themessage becomes longer, the interval needed to represent the messagedecreases and the number of bits needed to specify the intervalincrease. Successive symbols of the message reduce the size of theinterval in accordance with the symbol probabilities generated by themodel 116. The more likely symbols reduce the range by less than theunlikely symbols and hence add fewer bits to the message.

[0025] Initially, the interval assigned to a message is the entireinterval [0,1)([0,1) denotes the half-open interval 0≦x<1). As eachsymbol in the message is processed, the range is narrowed to thatportion of the range allocated to the given symbol. For example, assumethe alphabet is (a, b, c, d, e, f) and a fixed model is used with theprobabilities shown in Table 1. TABLE 1 Symbol Probability Range a 025[0,0.25) b 0.25 [0.25, 0.5) c 0.1 [0.5, 0.6) d 0.1 [0.6, 0.7) e 0.1[0.7, 0.8) f 0.2 [0.8, 1.0)

[0026] Assume the message abc is transmitted. Initially, the encoder 114(and an associated decoder which will be described later) knows that therange is [0,1). After receiving the first symbol a, the encoder 114narrows the range to [0,0.25), the range that model 116 allocates to thesymbol a. The second symbol b narrows the new range to the secondone-fourth, [0.0625, 0.125)—the previous range was 0.25 units long andone-fourth of that is 0.0625. The next symbol c is allocated [0.5, 0.6),which when applied to [0.0625, 0.125) gives the smaller range [0.09375,0.1).

[0027] Suppose all the associated decoder knows about the message is thefinal range [0.9375, 0.1). The decoder can immediately deduce that thefirst character was a, since the range lies entirely within the spacethe model of Table 1 allocates for a. After this, the range is [0,0.25). After seeing b [0.0625, 0.125) which entirely encloses the givenrange [0.09375, 0.1), the second character is b. Proceeding in thismanner, the decoder can identify the whole message.

[0028] In one exemplary embodiment, the encoder 114 is the encoderdescribed in copending U.S. application Ser. No. 09/240,576 entitled“Multiplication-Free Arithmetic Coding” filed on Feb. 1, 1999, theentire contents of which are hereby incorporated by reference. Anadvantage of this encoder are that there is no multiplication anddivision operation involved, which makes the hardware design simple.This encoder is described below.

[0029] Encoding

[0030] Initially, two registers R and L, are set to 1 and an arbitrarynumber, respectively. The encoder 114 is supplied with three inputs, afirst frequency count c₀ representing a fractional value of theprobability of 0, a second frequency count c₁, representing a fractionalvalue of the probability 1, and a so-far encoded symbol i (either 0 or1).

[0031] The encoding steps performed by the encoder 114 can be summarizedin pseudocode as:

[0032] 1. If c₀>c₁, exchange the values of c₀ and c₁, and let i=!i.

[0033] 2. While R≦c₁, do

[0034] Output the most significant bit of L.

[0035] L=L<<=1, R=R<<=1.

[0036] If R>˜L, then R=˜L+1.

[0037] 3. If i=0, then R=c₀; else R=R−c₀, L=L+c₀.

[0038] Output L

[0039] Note that some C Language notation is employed in the abovepseudocode. ! represents logic complement, represents binary complement,and <<=represents arithmetic shift left. From the description above, thepresent invention operates on the following assumption: for eachiteration, R≅c₀+c₁.

L:=L, R:=c₀, i=0   (1)

L:=L+c ₀ , R:=R−c ₀ , i=1   (2)

[0040] In the present invention, initializing the two registers R and Lto 1 and an arbitrary number, respectively, permits the first word inthe output stream to denote a synchronous word for real timetransmission applications. Further, step 1 is generally referred to asan exchange step, step 2 is referred to as an adjustment step, and step3 is referred to as an encoding step. A magnitude step, which isrequired in conventional multiplication-free arithmetic codingtechniques is not required in the present invention. In the presentinvention, the adjustment step is executed before the encoding step. Inthe adjustment-step, executing the “while” loop when the value ofregister R is less than or equal to the value of the second frequencycount and setting the value of register R equal to the binary complementof the value of register L plus one if the value of the register R isgreater than the binary complement of the value of register R eliminatesthe need for a subsequent bit stuffing step.

[0041] To summarize, the method of multiplication-free arithmetic codingof the present invention produces an encoded bit stream by receiving asymbol from an encoded string and two frequency counts, finding a mostprobable symbol and a least probable symbol; subjecting a first registerto magnitude shift operations for outputting bits to the encoded bitstream and for approximating a contextual probability of each symbol inthe encoded string, and encoding a next symbol in the encoded stringbased on the contextual probability.

[0042]FIG. 3 includes the specific steps performed by the encoder 114 inthe encoding process 20 in more detail. In particular, in step 22,registers R and L are initialized to 1 and the sync word, respectively.The encoded bit stream, in this example, 11011100i, is input along withthe initial values of registers R and L to the 0-order Markov model atstep 24 to produce the frequency counts c₀ and c₁. In step 26, c₀ and c₁are compared and if c₀ is greater than c₁, c₀ and c₁ are exchanged and iis set to its logical complement at step 28. If however, c₀ is notgreater than c₁, processing proceeds to step 30, where it is determinedwhether the value in register R is greater than or equal to c₁. If so,processing proceeds to step 32, where the most significant bit of the Lregister is output, L and R are arithmetically left shifted, and if R isgreater than the binary complement of L, then R is set to the binarycomplement of L plus one, and processing returns to step 30. If thevalue of register R is not greater than equal to C,, then processingcontinues to step 34. In step 34 it is determined whether i is equal to0. If i is equal to 0, then the value of register R is set equal to C₀at step 36 and if i is not equal to 0 then R is set to the previousvalue of R minus c₀ and L is set to the previous value of L plus c₀ instep 38, thereby encoding the next bit in the bit stream. The processthen repeats by inputting the next bit to the Markov model update atstep 24. The processing is continued until all bits of the input bitstream are encoded. Then, the value of register L is output as theencoded bit stream.

[0043] Although the present invention is described utilizing a 0-orderMarkov model, any model, known to one ordinary skill in the art, couldbe utilized.

[0044] As illustrated in FIG. 4, the model 116 includes a frequencytable 130 (illustrated as RAMs 126) and a model controller 128. Thefrequency counts contained in frequency table 130 represent theprobabilities, such as the probabilities shown in Table 1. The plaintext 12, the main key 118 and the working keys are input to the modelcontroller 128. The random generator 122 generates one random bit persystem clock. As illustrated in FIG. 4, the frequency table 130 mayinclude two related terms that make it very difficult to trace allinformation saved in the frequency table 130 except the two relatedterms. The model 116 can use an address register r to record the closestt bits currently processed, the size of the frequency table 130 is2^(t). In one embodiment, the model 116 is a t-order Markov model and rlooks like sliding windows of size t. Initially, the values in thefrequency table 130 may be set to 1.

[0045] The present invention may be described as a two phase cipher. Thefirst phase processes random bits and key bits. In the first phase, thekey size controls the random bit generator, so that controller 128 canobtain random bit string with the same size as the key. For each bitpair (one random bit, one key bit), controller 128 can perform thefollowing:

[0046] 1) according to a shift register in model controller 128, get F0and F1 from RAMs 126;

[0047] 2) if the key bit is 0, add 1 to F0; else add 1 to F1;

[0048] 3) pass the random bit and F0, F1 to encoder 114;

[0049] 4) if the random bit is 0, add 1 to F0; else add 1 to F1;

[0050] 5) write F0 and F1 back to RAMs 126;

[0051] 6) left shift the shift register in model controller 128, andinsert the current random bit into the last position of the shiftregister.

[0052] In the first phase, the random bit is provided to encoder 114 (ordecoder) via the model controller 128. When the first phase iscompleted, a useful initial frequency table is obtained in RAMs 126.

[0053] In the second phase, the plain text 12 is encoded. In the secondphase, the plain text 12 is input to the model controller 128 whichexecutes the following actions for each input bit:

[0054] 1) according to the shift register, get F0 and F1 from RAMs 126;

[0055] 2) pass the plain text bit and F0, F1 to encoder 114;

[0056] 3) if the plain text bit is 0, add 1 to F0; else add 1 to F1;

[0057] 4) write F0 and F1 back to RAMs 126;

[0058] 5) left shift the shift register, and insert the current plaintext bit into the last position of the shift register. Therefore, theplain text 12 also will pass to encoder 114 (or decoder) via the modelcontroller 128.

[0059]FIG. 5 illustrates the frequency table 130 in one preferredembodiment of the present invention. As illustrated in FIG. 5, thefrequency table 130 includes r entries for the frequency of 0 and rentries for the frequency of 1. The size of the frequency table 130 inone embodiment is 2^(t). In one embodiment, t=15.

[0060] The model controller 128 controls the read and writes of the RAMs126 and the output of the frequency table 130 and source bit to thearithmetic coder 114. The inputs to the encoder 114 include a text bitfrom the plain text 12, a key bit from the main key 118, a random bitfrom the random generator 122, and two frequencies 136 from the RAMs126. The output of the model controller 128 to RAMs 126 is a read-enablesignal 138, a write-enable signal 140, modified frequencies 142 for bits“0” and “1”, respectively and an address 144. The outputs from the modelcontroller 128 to the encoder 114 include a source bit 146 and a pair offrequency counts 148 for bits “0” and “1”. In one exemplary embodiment,the model 116 is implemented utilizing two clocks, a system clock and aRAM clock, in order to permit the model controller 128 to finish a readand write to the RAMs 126 in one system cycle.

[0061] The interaction between the encoder 114 and the model 116 is asfollows. Initially, r may be set to a fixed number; the current value ofr is used to find two frequency counts respectively for 0 and 1 from thefrequency table 130. The two counts are then input to the encoder 114.The current bit is encoded and the frequency count is updated at thelocation pointed to by r. Then, slide r to contain the current bit andrepeat until all bits are encoded.

[0062] As illustrated in the embodiment of FIG. 4, the frequency table130 includes random access memories 126. The two RAMs 126 represent thefrequency tables for bits “0” and “1”, respectively. In one exemplaryembodiment, there are a total of 64 k pairs of frequencies for bits “0”and “1”. As a result, the frequency may range from 1 to 255. The encoder114 implements an arithmetic encoding algorithm, where its input signalis a one bit source signal and a pair of frequencies for bits “0” and“1”. For each time interval, the pair of frequencies are different anddependent on the input source bit. The output of the encoder 114 is thecipher-text 120 and an output valid bit 150.

[0063] The present invention may also use a key (any length of bitstream) to control the initial value in frequency table 130 and a randombit stream to control the values of r. The random bit stream may begenerated by the random generator 122. The key for encryption is termedthe working key. To be more precise, if k₁, k₂, . . . , k_(n) is the bitstream for encryption key. An exemplary algorithm is as follows:

[0064] Encryption

[0065] Initialization: r=0. Let all items in frequency table 130 be 1,initialize the encoder 114,j=1

[0066] Input: k₁, k₂, . . , k_(n)

[0067] 1. While j<=n, do

[0068] Find the location pointed by r from the frequency table 130.

[0069] If k_(j)=1, add 1 to frequency 1 location; else add 1 tofrequency 0 location.

[0070] Use the current frequency counts to encode one bit 1 from randomgenerator 122.

[0071] If I=1, add 1 to frequency 1 location; else, add 1 to frequency 0location.

[0072] Left shift r, r=r| the random bit

[0073] 2. Encode plain text 12 and update model 116 as follows:

[0074] If current bit is 1, add 1 to frequency 1 location, else add 1 tofrequency 0 location.

[0075] Left shift r, r=r| the current bit

[0076] It is noted that step 1 is used to generate the initial frequencytable 130, the frequency table 130 may depend on environment, sincerandom generator 122 is used. Further, even if the same encryption keyis used at different times, a different frequency table 130 will result.This indicates the cipher in the present invention is not one-to-one butis variable.

[0077] In one preferred embodiment, VHDL language is used to describethe behavior model between the model controller 128 and the encoder 114illustrated in FIG. 4. Exemplary VHDL is set forth below: libraryIEEE; - use IEEE.std_logic_uusigned.all; use IEEE.std_logic_signed.all;use IEEE.std_logic_arith.all; use IEEE.std_logic_1164.all; entity cipheris port ( key   :in std_logic; random  :in std_logic; text  :instd_logic; end_of_key : in std_logic; end_of_text : in std_logic;data0_in : in std_logic_vector(7 downto 0); data1_in : instd_logic_vector(7 downto 0); sys_clock : in std_logic; mem_clock : instd_logic; data0_out : out std_logic_vector(7 downto 0); data1_out : outstd_logic_vector(7 downto 0); addr : buffer std_logic_vector(15 dowuto0); READ_ENABLE : out std_logic; WRITE_ENABLE : out std_logic;cipher_text : out std_logic; out_valid : out std_logic ); end cipher ;architecture RTL of cipher is signal encode_bit : std_logic; signalencode_valid : std_logic :=‘0’; signal c0,c1  : std_logic_vector(7downto 0); signal L  : std_logic_vector(31 downto 0):=“00000000000000000000000000000000”; signal R,H  : std_logic_vector(31downto 0): =“00000000000000000000000000000001”; signal freq0  :std_logic_vector(7 downto 0); signal freq1  : std_logic_vector(7 downto0); signal j  : std_logic; begin model_update : process variable a,b :integer; variable counter : integer ;=−1; begin wait untilmem_clock′event and mem_clock=‘1’; counter :=(counter + 1)mod 8; casecounter is when 0 => READ_ENABLE <=‘1’; WRITE_ENABLE <=‘0’;if(end_of_key=‘0’) then addr <= SHL(addr,“01”) + key; else addr <=SHL(addr,“01”) + text; end if; when 2 => if(end_of_key=‘0’) thenencode_bit <= random; c0 <= data0_in + not key; c1 <= data1_in + key; a:= conv_integer(data0_in) + conv_integer (not key) + conv_integer(notrandom); b := conv_integer(data1_in) + conv_integer (key) +conv_integer(random); else encode_bit <= text; c0 <= data0_in; c1 <=data1_in; a := conv_integer(data0_in) + conv_integer (not text); b :=conv_integer(data1_in) + conv_integer(text);  end if; if(end_of_text=‘0’) then encode_valid <=‘1’; else encode_valid <=‘0’; end if; READ_ENABLE <=‘0’; WRITE_ENABLE <=‘1’; if(a>16#FF# or b>16#FF#)then data0_out <= shr(conv_std_logic_vector ((a+1),8),“01”); data1_out<= shr(conv_std_logic_vector ((b+1),8),“01”); else data0_out <=conv_std_logic_vector(a,8); data1_out <= conv_std_logic_vector(b,8); endif; when others => null; end case; end process; arith_coder : processvariable a,b,c : std_logic_vector(31 downto 0); variable f0,f1 :std_logic_vector(7 down to 0); variable k :std_logic; begin wait untilsys_clock=‘1’ and sys_clock‘event; if(encode_valid=‘1’) then if(c0>c1)then freq0 <= c1; freq1 <= c0; j <= not encode_bit; else freq0 <=c0;freq1 <=c1; j <= encode_bit; end if; f0 :=freq0; f1 := freq1; k := j;while R<=fl loop cipher_text <= L(31); out_valid <=‘1’; a :=shl(L,“01”); b := shl(R,“01”); c := not a; L <=a; if b>a then R <= c +‘1’; else R<= b; end if; wait until mem_clock=‘1’ and mem_clock‘event;end loop; out_valid <=‘0’; if(k=‘0’) then R <=conv_std_logic_vector(conv_integer(f0),32); else R <= R − f0; L <= L +f0; end if; end if end process; end RTL;

EXAMPLE

[0078] The parameters used for testing in this example are as follows:

[0079] L—Low end of the encoding interval: 32 bits, initially 0

[0080] H—High end of the encoding interval: 32 bits, initially 1

[0081] R—Range of the encoding interval: 32 bits, initially 1

[0082] V—Register for decoding bit stream

[0083] 2^(t)—size of the frequency table 130: 64K for both 0 and 1, t=15

[0084] r—Address pointer register for table: 15 bits TABLE 2 Plain text“AAAAAAAAAAAAAAAAAAAAAAAA” Ex- peri- ments Keys Cipher Text (HEX) 1 A B950 C8 C9 1B F8 44 10 2 A FA A1 91 91 3C 81 14 80 3 A 83 D3 C3 C7 28 1F35 4 AbCD8910 56 DF B4 56 894867 9E 82 28 28 28 66 45 21 40 5 AbCD8910B9 72 D9 5D A0 F1 62 68 99 7D 7D 70 98 EE F8

[0085] TABLE 3 Plain text “It is incredible for us” Ex- peri- ments KeysCipher Text (HEX) 1 Zfg E7 95 CE 8C A3 B7 7E 1D 98 9E 1E 6F 0D 77 32 14C5 58 24 4b FF 40 69 43 1C 45 29 80 2 Zfg 2B CF 08 FD 5F 54 87 E1 D9 89E1 E6 F0 D7 73 21 4C 55 82 44 BF F4 06 94 31 C4 52 98 3 123 C4 99 9E F497 49 27 32 06 97 32 0A 0B 62 86 25 13 CA 51 2E 44 BA 86 72 45 CA 95 2700 4 123 E5 3D C0 5C 82 58 12 EA 84 95 52 85 69 0D 77 32 14 C5 58 24 4BFF 40 69 43 1C 45 29 80

[0086] From Tables 2 and 3 above, the following is apparent: 1) for thesame plain text with the same key, different cipher text results, 2) thesize of cipher text is changeable with different experiment parametersand different keys, and 3) for high correlative data the compressionrate is high, but for less correlative date or a shorter string, thecompression rate is also good.

[0087] The technique of the present invention may be used for encryptionif the values in the frequency table are used as the encryption key. Onedifference between the present invention and WNC is the model. Thebit-based model of the present invention makes it extremely difficult totrace all the initial values using a technique such as the one describedby Bergen/Hogan. The compressed bit stream or cipher text 120 may bedecoded by a reverse process.

[0088]FIG. 6 illustrates an exemplary schematic flow of decryption inone embodiment of the present invention. As illustrated in FIG. 6, thecipher text 120 is input to a decoder 124. A main key 118 is input tothe model 116 and to the decoder 124. The output of random bit generator152 is input to the model 116. The output of the model 116 is input tothe decoder 124. The decoder 124 decodes the cipher text 120 to producethe plain text 12 which is fed back to the model 116. The decoder 124also passes an output to the random generator 152. In one exemplaryembodiment, the decoder 124 is the decoder described in copending U.S.application Ser. No. 09/240,576 entitled “Multiplication-Free ArithmeticCoding” filed on Feb. 1, 1999, the entire contents of which are herebyincorporated by reference. This decoder is described in more detailbelow.

[0089] Decoding

[0090] For decoding the R and L registers are again initialized and athird register V is utilized to store part of the decoding bit stream,and i denotes the output bit. If S is the decoding bit stream, which isgenerated by the encoding algorithm described above, the decoding stepsperformed by the decoder 124 are summarized in pseudocode as:

[0091] 1. If c₀>c₁, exchange the values of c₀ and c₁, and let i=1; elsei=0.

[0092] 2. While R≦c₁, do

[0093] L=L<<1, R=R<<1, V=V<<1.

[0094] V=V| next bit from S.

[0095] If R>˜L, then R=˜L+1.

[0096] 3. If c₀<V, then R=c₀; else R=R−c₀, L=L+c₀, and i=!i

[0097] To summarize, the method of the multiplication-free arithmeticcoding to produce a decoded string receives bits from a decoded streamand two frequency counts, finds a most probable symbol and a leastprobable symbol, subjecting a first register to magnitude shiftoperations for inputting bits from the decoded bit stream and forapproximating a contextual probability of each symbol in the decodedstring, and decoding a next symbol to the decoded stream based on thecontextual probability.

[0098]FIG. 7 includes the specific steps performed by the decoder 124 inthe decoding process 40 in more detail. In particular, in step 42, theregister R, L, and V are initialized. The values of registers R, L, andV and the string to be decoded are input to 0-Markov model at step 44 toproduce frequency counts c₀ and c₁. In step 46, c₀ and c₁ are comparedand if c₀ is greater than c₁, c₀ and c₁ are exchanged and i is set toits logical complement at step 48. If however, c₀ is not greater thanc₁, processing proceeds to step 50, where it is determined whether thevalue of register R is greater than or equal to c₁. If so, processingproceeds to step 52 where registers R, L, and V are all arithmeticallyleft shifted, the next bit from the decoding bit stream S is added toregister V, and if R is greater than the binary complement of L, then Ris set to the binary complement of L plus one. Processing then returnsto step 50.

[0099] If the value of register R is not greater than or equal to c₁,then processing continues to step 54. In step 54, it is determinedwhether c₀ is less than V. If c₀ is less than V, then the value ofregister R is set equal to c₀ at step 56 and if c₀ is not less than V,then R is set to the previous value of R minus c₀, L is set to theprevious value of L plus c₀, and i is set to its logic complement atstep 58, thereby decoding the next bit in the bit stream S. The processthen repeats by inputting the next bit to the Markov model update atstep 44. The processing is continued until all bits of the decoding bitstream S are decoded.

[0100] Again, although the present invention just described utilizing a0-order Markov model, any model, known to one of ordinary skill in theart, could be utilized.

[0101] Table 4, set forth below, illustrates a compression ratiocomparison for files of varying types, between an encoder whichimplements multiplication, the prior art technique disclosed in U.S.Pat. No. 4,652,856, and the multiplication-free arithmetic coding of thepresent invention. TABLE 4 Encoder of the U.S. Pat. Multiplier PresentNo. Source File Size Encoder Invention 4,652,856 C source 27620 37.5%38.4% 39.9% Chinese file 72596 43.3% 43.8% 44.9% Scale image 26233067.9% 68.8% 69.6% EXE file 54645 74.3% 74.6% 75.6% Mixed data 41719267.2% 68.0% 68.9%

[0102] As illustrated in Table 4, the present invention achieves acompression ratio better than prior art multiplication-free arithmetictechniques. Table 4 also illustrates that the multiplication encoderusually provides the best compression because each multiplication-freedesign utilizes some approximate value instead of practicalprobabilities, so there will usually some degradation in compressionratios utilizing multiplication-free arithmetic techniques. However, thepresent invention, as illustrated in Table 4, provides a lowcomputationally complex and low cost hardware implementation, whichstill achieves compression ratios which are comparable tomultiplication-base techniques.

[0103] As illustrated in FIG. 8, the main key 118 is supplied to themodel controller 128. The model controller 128 controls the read andwrites of the RAMs 126 and the output of the frequency table 130 and thesource bit to the decoder 124. The inputs to the decoder 124 include atext bit from the cipher text 120, a key bit from the main key 118, anda pair of frequency counts 148 for bits “0” and “1”. The output of themodel controller 128 to RAMs 126 is a read enable signal 138, a writeenable signal 140, modified frequencies 142 for bits “0” and “1”,respectively, and an address 144. The RAMs 126 output two frequencies136 to the model controller 128. In one exemplary embodiment, the model116 is implemented utilizing two clocks, a system clock and a RAM clock,in order to permit a model controller 128 to finish read and write tothe RAMs 126 in one system cycle.

[0104] The present invention may also be described as a two-phasedecipher. In the first phase, random bits are decoded from cipher bits.In the first phase, the key size controls the decoder 124 so that themodel controller 128 can receive random bit strings from the decoder 124with the same size as the key. For each bit pair (one random bit and onekey bit), decipher is performed by:

[0105] 1) using a shift register in decoder 124, to get F and F1 fromRAMs 126;

[0106] 2) if the key bit is 0, add 1 to F0; add 1 to F1;

[0107] 3) pass F0, F1 to decoder 124;

[0108] 4) decoder 124 decodes random bit and send the random bit tomodel controller 128;

[0109] 5) if the random bit is 0, the model controller 128 adds 1 to F;else adds 1 to F1;

[0110] 6) write F0 and F1 back into RAMs 126; and

[0111] 7) shift the register left, and insert the current random bitinto the last position of the shift register.

[0112] When the first phase is completed, a useful initial frequencytable is obtained in RAMs 126.

[0113] In the second phase, the plain text 12 is decoded. In the secondphase, only one input, the cipher text 120, is required and decipheringincludes the following steps for each input bit:

[0114] 1) according to the shift register, get F0 and F1 from RAMs 126;

[0115] 2) pass F0, F1 to the decoder 124;

[0116] 3) decoder 124 decodes a plain text bit and sends the plain textbit to model controller 126;

[0117] 4) if the plain text bit is 0, add I to F0; else add 1 to F1;

[0118] 5) write F0 and F1 back into to RAMs 126; and

[0119] 6) shift the register left, and insert the current plain text bitinto the last portion of the shift register. Therefore, plain text 12will be output from decoder 124.

[0120] To decode an encrypted message, the frequency table 130 may beconstructed and the random bit stream in the cipher text 120 can berecovered before decoding begin(s). Decoding can also be defined inpseudocode as follows:

[0121] Decryption

[0122] 1. While j<=n, do

[0123] Find the location pointed by r from the frequency table 130.

[0124] If k_(j)=1, add 1 to frequency 1 location; else add 1 tofrequency 0 location.

[0125] Use the current frequency counts to decode one random bit 1.

[0126] If l=1, add 1 to frequency 1 location; else, add 1 to frequency 0location.

[0127] Left shift r, r=r| the random bit

[0128] 2. Decode cipher text 120 and update model as follows:

[0129] If current bit is 1, add 1 to frequency 1 location, else add 1 tofrequency 0 location.

[0130] Left shift r, r=r current bit.

[0131] It is noted that the functional blocks in FIGS. 1-3, 6 and 8 maybe implemented in hardware and/or software. The hardware/softwareimplementations may include a combination of processor(s) and article(s)of manufacture. The article(s) of manufacture may further includestorage media and executable computer program(s). The executablecomputer program(s) may include the instructions to perform thedescribed operations. The computer executable program(s) may also beprovided as part of externally supplied propagated signal(s).

[0132] The invention being thus described, it will be obvious that thesame may be varied in many ways. Such variations are not to be regardedas a departure from the spirit and scope of the invention, and all suchmodifications as would be obvious to one skilled in the art are intendedto be included within the scope of the following claims.

1. An encryption device, comprising: a random number generator,receiving a main key, determining a working key using at least onerandom number and outputting the working key; a model, receiving themain key, the working key and plain text and generating at least twofrequency counts; and an encoder, outputting cipher text, based on theworking key, the plain text, and the at least two frequency counts. 2.The encryption device of claim 1, wherein the working key produced bysaid random number generator is variable length.
 3. The encryptiondevice of claim 1, wherein said encoder output is variable.
 4. Theencryption device of claim 1, wherein the working key and the main keyare different.
 5. The encryption device of claim 1, wherein said modelincludes at least one frequency table containing the at least twofrequency counts.
 6. The encryption device of claim 1, wherein the atleast one frequency table is stored in a RAM.
 7. The encryption deviceof claim 1, wherein the ciphered text output by said encoder is based ona bit-based processing scheme.
 8. The encryption device of claim 5,wherein the at least one frequency table includes the working key.
 9. Amethod of encrypting, comprising: processing random bits and key bits togenerate at least one frequency table; and encoding plain text using theat least one frequency table.
 10. The method of claim 9, wherein saidprocessing step includes generating a random bit string of a lengthequal to a key.
 11. The method of claim 9, wherein said processing step,different key bits produce a different at least one frequency table. 12.The method of claim 9, wherein said encoding step output is variable.13. The method of claim 9, wherein the ciphered text output by saidencoder is based on a bit-based processing scheme.
 14. The method ofclaim 11, wherein the at least one frequency table includes the workingkey.
 15. A decryption device, comprising: a model, receiving a main key,a working key and plain text and generating at least two frequencycounts; a decoder, outputting plain text, based on the working key, themain key, the plain text, the at least two frequency counts, and arandom number generator, receiving the plain text and determining theworking key using at least one random number and outputting the workingkey to said model.
 16. The decryption device of claim 15, wherein theworking key produced by said random number generator is variable length.17. The decryption device of claim 15, wherein said decoder output isvariable.
 18. The decryption device of claim 15, wherein the working keyand the main key are different.
 19. The decryption device of claim 15,wherein said model includes at least one frequency table containing theat least two frequency counts.
 20. The decryption device of claim 1,wherein the at least one frequency table is stored in a RAM.
 21. Thedecryption device of claim 15, wherein the ciphered text output by saidencoder is based on a bit-based processing scheme.
 22. The decryptiondevice of claim 19, wherein the at least one frequency table includesthe working key.
 23. A method of decrypting, comprising: processingrandom bits and key bits to generate at least one frequency table; anddecoding cipher text using the at least one frequency table.
 24. Themethod of claim 23, wherein said processing step includes generating arandom bit string of a length equal to a key.
 25. The method of claim23, wherein said processing step, different key bits produce a differentat least one frequency table.
 26. The method of claim 23, wherein saiddecoding step output is variable.